OpenE2K/linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
28ea215186
linux/net/ipv4
History
Eric Dumazet ca10b9e9a8 selinux: add a skb_owned_by() hook 
Commit 90ba9b1986 (tcp: tcp_make_synack() can use alloc_skb())
broke certain SELinux/NetLabel configurations by no longer correctly
assigning the sock to the outgoing SYNACK packet.

Cost of atomic operations on the LISTEN socket is quite big,
and we would like it to happen only if really needed.

This patch introduces a new security_ops->skb_owned_by() method,
that is a void operation unless selinux is active.

Reported-by: Miroslav Vadkerti <mvadkert@redhat.com>
Diagnosed-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-security-module@vger.kernel.org
Acked-by: James Morris <james.l.morris@oracle.com>
Tested-by: Paul Moore <pmoore@redhat.com>
Acked-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-09 13:23:11 -04:00
..
netfilter netfilter: remove unused "config IP_NF_QUEUE" 2013-03-20 00:11:43 +01:00
af_inet.c ipv4: Fix ip-header identification for gso packets. 2013-03-26 13:50:05 -04:00
ah4.c
arp.c
cipso_ipv4.c
datagram.c
devinet.c net: ipv4: fix schedule while atomic bug in check_lifetime() 2013-04-08 12:04:51 -04:00
esp4.c
fib_frontend.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
fib_lookup.h
fib_rules.c
fib_semantics.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
fib_trie.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
gre.c
icmp.c
igmp.c
inet_connection_sock.c Fix: sparse warning in inet_csk_prepare_forced_close 2013-03-07 16:31:29 -05:00
inet_diag.c
inet_fragment.c inet: limit length of fragment queue hash table bucket lists 2013-03-19 10:28:36 -04:00
inet_hashtables.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
inet_lro.c
inet_timewait_sock.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
inetpeer.c
ip_forward.c
ip_fragment.c inet: limit length of fragment queue hash table bucket lists 2013-03-19 10:28:36 -04:00
ip_gre.c Revert "ip_gre: make ipgre_tunnel_xmit() not parse network header as IP unconditionally" 2013-03-16 23:00:41 -04:00
ip_input.c ipv[4|6]: correct dropwatch false positive in local_deliver_finish 2013-03-01 15:56:29 -05:00
ip_options.c net/ipv4: Ensure that location of timestamp option is stored 2013-03-12 05:35:39 -04:00
ip_output.c
ip_sockglue.c
ip_vti.c
ipcomp.c
ipconfig.c ipconfig: Fix newline handling in log message. 2013-03-20 12:15:58 -04:00
ipip.c
ipmr.c
Kconfig
Makefile
netfilter.c
ping.c
proc.c
protocol.c
raw.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
route.c
syncookies.c
sysctl_net_ipv4.c
tcp_bic.c
tcp_cong.c
tcp_cubic.c
tcp_diag.c
tcp_fastopen.c
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: undo spurious timeout after SACK reneging 2013-03-24 17:27:28 -04:00
tcp_ipv4.c tcp: dont handle MTU reduction on LISTEN socket 2013-03-18 13:31:28 -04:00
tcp_lp.c
tcp_memcontrol.c
tcp_metrics.c
tcp_minisocks.c
tcp_output.c selinux: add a skb_owned_by() hook 2013-04-09 13:23:11 -04:00
tcp_probe.c
tcp_scalable.c
tcp_timer.c
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tcp.c tcp: fix skb_availroom() 2013-03-14 11:49:45 -04:00
tunnel4.c
udp_diag.c
udp_impl.h
udp.c udp: add encap_destroy callback 2013-03-20 12:10:38 -04:00
udplite.c
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c
xfrm4_state.c
xfrm4_tunnel.c